2017: Looking Back at the Year in the CASB Market

Rapid changes, consolidation, and the move to CASB 2.0

As we roll into 2018, we expect 2017 will be remembered with mixed emotions. Instead of debating its merits and drawbacks, most will agree that 2017 was a time of rapid change, especially for cloud security technology. Stories about digital security are mainstream news. And we are proud to say that the Cloud Access Security Broker (CASB) industry has also become mainstream, to the point that consolidations have shrunk the standalone space, and CASBs play an important role in most major security stacks.

For what seemed like far too long, the CASB industry orbited the Fortune 500 and their complex architectural needs and “sky high” expectations. But now, underserved industries and smaller companies are getting CASB solutions designed just for them.

The CASB market has transformed from its early days in 2014 when it leveraged legacy technology concepts such as proxies, gateways and endpoint agents to the more streamlined cloud-native API architecture today. The “CASB 1.0” approach was about controlled access to cloud applications to meet the specific needs of a niche audience such as the Fortune 500, whereas today’s API approach (dare I say “CASB 2.0”?) meets the need of a much broader market. Now CASB is more about providing deep visibility to mainstream applications such as cloud-based email alongside file sharing and cloud storage apps like Google G Suite and Microsoft Office 365.

Industry giants finally woke up and pivoted downstream. In the past year, there were major acquisitions, big product shifts, and most importantly, more sources of demand. We believe the acronym “CASB” now represents “Cloud Application Security Business.” (it makes more sense, right?)

CASB Acquisitions
At the beginning of 2017, Forcepoint, a firewall and content filtering provider, acquired Skyfence from Imperva. Skyfence’s CASB complements Forcepoint’s technology so that data that is in the cloud and on-premise will be secured by a single platform with more reach.

Then at the end of the year, McAfee announced its plan to acquire Skyhigh Networks. Since other security providers acquired CASBs in previous years, including Microsoft (Adallom), Symantec (Blue Coat), and Cisco (CloudLock), McAfee was one of the last major security players to enter the fray. The late entry was due in part to McAfee being spun-off from Intel earlier in the year.

While many of the original vendors are now gone, several players in the CASB space remain independent, including BitGlass, CensorNet, CipherCloud, Netskope, and of course us here at ManagedMethods.

CASB Product Shifts
One of the more interesting developments in the CASB space is how the landscape itself is changing. Early CASB providers that initially targeted Fortune 500 companies are struggling with growth as downstream sales prove more challenging to them. Due to complex architectural requirements, impact on the end-user experience and unattractive pricing, small and midsize enterprises are passing on the “CASB 1.0” platforms and seeking out platforms that address their specific needs, or they just settle on their existing security infrastructure and hope for the best.

API-based CASB architecture took over in 2017 and became the preferred method to address cloud security because of easier deployment, granular control, and zero impact on the user experience. Additionally, cloud email apps like Office 365 Mail and Google Gmail came front and center into the cloud security market as more organizations continued to migrate from legacy on-prem email systems to these cloud offerings. We recognized this trend early on and were the first CASB vendor to integrate into support for Gmail and Office 365 Mail alongside our other API integrations. Other vendors like Palo Alto Networks and Skyhigh Networks followed up with their own cloud email product extensions later in 2017. We expect more to follow. We are also starting to witness legacy email security vendors tiptoeing into the CASB market, but without much impact, as they lack the ability to go beyond their email gateway and integrate directly into the cloud apps themselves, leaving them in a similar position as many of the early “CASB 1.0” vendors.

Another interesting development is vendors that are trying to provide CASB-like features without actually being a CASB. Some of these vendors are merely acting as a shim that connects cloud apps to other vendors’ security products, and don’t do anything on their own other than make your security stack bigger, more expensive, and increasingly complicated.

A Great Year for ManagedMethods
In the beginning, CASBs all clamored for business from the Fortune 500, but the market quickly peaked and waned. Constant evolutions, shifts in demand, and acquisitions make it difficult to know if you are headed in the right direction. We have always believed there is a major opportunity for the CASB market in the small and midsize businesses that have already made the shift to cloud apps.

Luckily, back in 2015 ManagedMethods put a stake in the ground that API-based CASB solutions were the future and in 2017, it paid dividends. Organizations that need cloud email and file sharing security now only have a couple good options. Our closest competitor is expensive, difficult to integrate, and cumbersome to use. Our focus has always been on ease of use at an affordable price. Our CASB is the perfect combination of features, ease of use and price for a growing marketplace, and we are proud of our team for getting us to this point, front and center.

In the next post, I’ll make some predictions on 2018, and some of the things we look forward to seeing.